author | Andrew Arnott <andrewarnott@gmail.com> | 2010-07-31 22:01:16 -0700 |
---|---|---|
committer | Andrew Arnott <andrewarnott@gmail.com> | 2010-07-31 22:01:16 -0700 |
commit | c94c7f8197eda673947a9d1e0c0b3f3c4efca94f (patch) | |
tree | 0f978cfc2de70c54ac81e11d4339da04dff9f27f /samples/OAuthServiceProvider/Code/OAuthAuthorizationManager.cs | |
parent | 7d38eefb65928a1e80036ec006b0e129dc2cface (diff) | |
Split the OAuthServiceProvider sample into two samples: OAuthAuthorizationServer and OAuthResourceServer.
Renamed OAuthConsumer to OAuthClient.
Diffstat (limited to 'samples/OAuthServiceProvider/Code/OAuthAuthorizationManager.cs')
-rw-r--r-- | samples/OAuthServiceProvider/Code/OAuthAuthorizationManager.cs | 79 |
1 files changed, 0 insertions, 79 deletions
diff --git a/samples/OAuthServiceProvider/Code/OAuthAuthorizationManager.cs b/samples/OAuthServiceProvider/Code/OAuthAuthorizationManager.cs
deleted file mode 100644
index aa5428f..0000000
--- a/samples/OAuthServiceProvider/Code/OAuthAuthorizationManager.cs
+++ /dev/null
@@ -1,79 +0,0 @@
-namespace OAuthServiceProvider.Code {
- using System;
- using System.Collections.Generic;
- using System.IdentityModel.Policy;
- using System.Linq;
- using System.Security.Principal;
- using System.ServiceModel;
- using System.ServiceModel.Channels;
- using System.ServiceModel.Security;
-
- using DotNetOpenAuth.Messaging;
- using DotNetOpenAuth.OAuth2;
-
- using ProtocolException = System.ServiceModel.ProtocolException;
-
- /// <summary>
- /// A WCF extension to authenticate incoming messages using OAuth.
- /// </summary>
- public class OAuthAuthorizationManager : ServiceAuthorizationManager {
- public OAuthAuthorizationManager() {
- }
-
- protected override bool CheckAccessCore(OperationContext operationContext) {
- if (!base.CheckAccessCore(operationContext)) {
- return false;
- }
-
- var httpDetails = operationContext.RequestContext.RequestMessage.Properties[HttpRequestMessageProperty.Name] as HttpRequestMessageProperty;
- var requestUri = operationContext.RequestContext.RequestMessage.Properties["OriginalHttpRequestUri"] as Uri;
-
- try {
- var principal = VerifyOAuth2(httpDetails, requestUri);
- if (principal != null) {
- var policy = new OAuthPrincipalAuthorizationPolicy(principal);
- var policies = new List<IAuthorizationPolicy> {
- policy,
- };
-
- var securityContext = new ServiceSecurityContext(policies.AsReadOnly());
- if (operationContext.IncomingMessageProperties.Security != null) {
- operationContext.IncomingMessageProperties.Security.ServiceSecurityContext = securityContext;
- } else {
- operationContext.IncomingMessageProperties.Security = new SecurityMessageProperty {
- ServiceSecurityContext = securityContext,
- };
- }
-
- securityContext.AuthorizationContext.Properties["Identities"] = new List<IIdentity> {
- principal.Identity,
- };
-
- // Only allow this method call if the access token scope permits it.
- return principal.IsInRole(operationContext.IncomingMessageHeaders.Action);
- } else {
- return false;
- }
- } catch (ProtocolException ex) {
- Global.Logger.Error("Error processing OAuth messages.", ex);
- }
-
- return false;
- }
-
- private static IPrincipal VerifyOAuth2(HttpRequestMessageProperty httpDetails, Uri requestUri) {
- // for this sample where the auth server and resource server are the same site,
- // we use the same public/private key.
- var resourceServer = new ResourceServer(
- new StandardAccessTokenAnalyzer(
- OAuth2AuthorizationServer.AsymmetricKey,
- OAuth2AuthorizationServer.AsymmetricKey));
-
- IPrincipal result;
- var error = resourceServer.VerifyAccess(new HttpRequestInfo(httpDetails, requestUri), out result);
-
- // TODO: return the prepared error code.
- return error != null ? null : result;
- }
- }
-}
\ No newline at end of file |